Due Diligence and Ongoing Monitoring

  • 1.  Due Diligence for Federal Government Entities

    Posted 05-26-2020 05:42 PM
    We are reevaluating our vendor level classification and I would like to know how other agencies are treating federal government entities like Fannie Mae, the VA, or your state housing authorities. These are agencies that store and process our customers' NPI and PII. Do they have SOC reports?


  • 2.  RE: Due Diligence for Federal Government Entities

    This message was posted by a user wishing to remain anonymous
    Posted 05-29-2020 02:29 PM

    First, I'm not sure what you mean by "level classification," but I do empathize with the struggle that comes with trying to treat contracts with government entities like any other. Unfortunately, I've seen some instances where they simply don't feel they need to play nice in the sandbox with the rest of us. The best we can do, and what I've done in the past, is to go about your process as you would for any other entity that has access to or hosts your customers' data. Make the same requests, hold them to the same standards, and document your progress. Any pushback should be treated respectfully and escalated as your program prescribes.

    As for the SOC reports, I'm not sure. Maybe there are different certifications that are available, depending on the agency/industry? Anyone else have feedback here?